https://systemoverlord.com/tags/honeypots.htmlRecent content in Honeypots on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Fri, 04 Sep 2020 00:00:00 +0000https://systemoverlord.com/2020/09/04/lessons-learned-from-ssh-credential-honeypots.htmlFri, 04 Sep 2020 00:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2020/09/04/lessons-learned-from-ssh-credential-honeypots.html<p>For the past few months, I&rsquo;ve been running a handful of SSH Honeypots on some cloud providers, including <a href="https://cloud.google.com">Google Cloud</a>, <a href="https://m.do.co/c/b2cffefc9c81">DigitalOcean</a>, and <a href="https://shareasale.com/r.cfm?b=1380239&amp;u=2497236&amp;m=46483&amp;urllink=&amp;afftrack=">NameCheap</a>. As opposed to more complicated honeypots looking at attacker behavior, I decided to do something simple and was only interested in where they were coming from, what tools might be in use, and what credentials they are attempting to use to authenticate. My dataset includes 929,554 attempted logins over a period of a little more than 3 months.</p> <p>If you&rsquo;re looking for a big surprise, I&rsquo;ll go ahead and let you down easy: my analysis hasn&rsquo;t located any new botnets or clusters of attackers. But it&rsquo;s been a fascinating project nonetheless.</p>